ACL mismatch prevents intranet users from triggering the IPsec connection

Publication Date: 2012-10-17
Issue Description
Two USG50 devices (A at headquarters, B at the branch) are to establish an IPsec VPN, with A using a policy template. The IPsec connection can be triggered from B itself, but a PC connected to B cannot trigger it.
Alarm Information
none
Handling Process
1. Checked the client PC's IP address, gateway and so on: the configuration had no problem, and the PC could also reach the public network.
2. Checked the configuration of B (USG50): IPsec and the ACL had no problems.
3. Checked the configuration of A (USG50): the IPsec configuration had no problem, but the ACL configured by the customer did. In the ACL for the Trust (intranet) -> Untrust (extranet) direction, the customer denied packets from intranet to intranet. As a result, packets from the PC could reach A, but A would not respond to the PC's packets, so the IPsec connection could not be established. The problem was solved.
As for why a connection could be established directly from B (USG50) to A (USG50): B's own packets go Local -> Untrust -> Untrust -> Local and match no ACL, so the IPsec connection is established successfully.
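The behaviour described above can be reproduced with a small first-match model of the ACLs on A. This is an added example, not configuration from the original case: the addresses, the rule sets, the "fixed" rule order and the default actions are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str   # "permit" or "deny"
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR

# Constructed addressing (assumption, not from the case).
HQ_LAN, BRANCH_LAN = "192.168.1.0/24", "192.168.2.0/24"
ANY, PRIVATE = "0.0.0.0/0", "192.168.0.0/16"

# ACLs on A, keyed by interzone direction (source zone, destination zone).
BROKEN = {("trust", "untrust"): [Rule("deny", PRIVATE, PRIVATE),
                                 Rule("permit", HQ_LAN, ANY)]}
# One possible correction (assumption): permit the VPN traffic before the deny.
FIXED = {("trust", "untrust"): [Rule("permit", HQ_LAN, BRANCH_LAN),
                                Rule("deny", PRIVATE, PRIVATE),
                                Rule("permit", HQ_LAN, ANY)]}

def _in(ip: str, net: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def evaluate(acls, src_zone, dst_zone, src_ip, dst_ip) -> str:
    """First-match evaluation of the ACL bound to one interzone direction."""
    rules = acls.get((src_zone, dst_zone))
    if rules is None:
        return "permit"   # modelling assumption: no ACL bound, nothing filtered
    for rule in rules:
        if _in(src_ip, rule.src) and _in(dst_ip, rule.dst):
            return rule.action
    return "deny"         # modelling assumption: implicit deny in a bound ACL

def first_rule_hitting(rules, src_net, dst_net) -> Optional[int]:
    """Index of the first rule overlapping the protected flow, or None."""
    s, d = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    for i, rule in enumerate(rules):
        if s.overlaps(ipaddress.ip_network(rule.src)) and \
           d.overlaps(ipaddress.ip_network(rule.dst)):
            return i
    return None

def audit(acls) -> str:
    """Report whether the HQ -> branch reply path is denied on Trust -> Untrust."""
    rules = acls.get(("trust", "untrust"), [])
    i = first_rule_hitting(rules, HQ_LAN, BRANCH_LAN)
    if i is not None and rules[i].action == "deny":
        return f"rule {i} denies {HQ_LAN} -> {BRANCH_LAN}"
    return "ok"
```

Running `audit` against an exported rule list before bringing up the tunnel flags a deny that shadows the protected subnets, which is the condition found in step 3.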
Root Cause
1. Customer PC setting problem
2. USG50 ACL configuration problem
3. USG50 version problem
Suggestions
none
